Bugtraq mailing list archives
Re: Linux kernel IGMP vulnerabilities
From: Pekka Savola <pekkas () netcore fi>
Date: Tue, 14 Dec 2004 19:16:39 +0200 (EET)
Hi, On Tue, 14 Dec 2004, Paul Starzetz wrote:
Synopsis: Linux kernel IGMP vulnerabilities Product: Linux kernel Version: 2.4 up to and including 2.4.28, 2.6 up to and including 2.6.9
[...]
Both parts of the IGMP subsystem have exploitable flaws: (1) the ip_mc_source() function, that can be called through the user API (the IP_(UN)BLOCK_SOURCE, IP_ADD/DROP_SOURCE_MEMBERSHIP as well as MCAST_(UN)BLOCK_SOURCE and MCAST_JOIN/LEAVE_SOURCE_GROUP socket SOL_IP level options) suffers from a serious kernel hang and kernel memory overwrite problem.
[...]Does this also affect earlier 2.4 releases which did not yet incorporate IGMPv3? If so, to which extent? AFAIR, IGMPv3/MLDv2 was added in 2.4.22.
At least the PoC requires *_(UN)BLOCK_SOURCE APIs which were added with IGMPv3.
As far as I can see (a very quick look), 2.4 prior to 2.4.22 should not be (at least similarly) affected.
-- Pekka Savola "You each name yourselves king, yet the Netcore Oy kingdom bleeds." Systems. Networks. Security. -- George R.R. Martin: A Clash of Kings
Current thread:
- Linux kernel IGMP vulnerabilities Paul Starzetz (Dec 14)
- Re: Linux kernel IGMP vulnerabilities Pekka Savola (Dec 14)
- Re: Linux kernel IGMP vulnerabilities stephen joseph butler (Dec 15)
- Re: Linux kernel IGMP vulnerabilities Paul Starzetz (Dec 15)
- Re: Linux kernel IGMP vulnerabilities matthew-bugtraq (Dec 15)
- RE: Linux kernel IGMP vulnerabilities Wolfpaw - Dale Corse (Dec 16)
- RE: Linux kernel IGMP vulnerabilities Jirka Kosina (Dec 17)
- Re: Linux kernel IGMP vulnerabilities Paul Starzetz (Dec 15)